sfp_api_laravel_diarista/app/Http/Controllers/WebhookController.php

<?php

namespace App\Http\Controllers;

use App\Services\WebhookService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class WebhookController extends Controller
{
    public function __construct(
        private readonly WebhookService $webhookService,
    ) {}

    public function pagarme(Request $request): JsonResponse
    {
        if (! $this->validPagarmeToken($request)) {
            return $this->errorResponse(message: __('http.unauthorized_token'), code: 401);
        }

        $this->webhookService->handlePagarme($request->all());

        return $this->successResponse(message: __('http.webhook_received'));
    }

    private function validPagarmeToken(Request $request): bool
    {
        $configuredToken = config('services.pagarme.webhook_token');

        if (empty($configuredToken)) {
            return true;
        }

        $receivedToken = $request->bearerToken()
            ?: $request->header('X-Webhook-Token')
            ?: $request->query('token');

        return is_string($receivedToken) && hash_equals($configuredToken, $receivedToken);
    }
}